IDS mailing list archives

Re: IDS data sets


From: Roberto Perdisci <roberto.perdisci () gmail com>
Date: Wed, 2 Mar 2005 09:54:57 +0100

On Mon, 21 Feb 2005 16:11:31 +0100, Stefano Zanero
<zanero () elet polimi it> wrote:
Hallo Salim,

I am a newbie to the forum. I am looking for some pointers as far as
techniques/tools used in analyzing IDS data published by MIT & DARPA
(http://www.ll.mit.edu/IST/ideval/).

The data are intended for IDS evaluation, thus you can analyze them with
any IDS / Network traffic analysis tool (as far as the TCPDump logs are
concerned) or with a BSM auditing tool for the rest of them.

Hallo all,

To the best of my knowledge, the MIT-DARPA dataset is the most recent
and valid dataset created in order to test the performance of IDSs.
For this reason, despite being 5 years old, it is currently considered
the point of reference in the research field.
Nevertheless, some authors have attempted to use data collected during
hacker contests like DEFCON. You can find an example of this in
"Fusing heterogeneous alert streams into scenarios", Dain &
Cunningham, ACM CCS 2001.

Roberto
